<?php
	
	date_default_timezone_set('Asia/Bangkok');

	function redirect_to( $location = NULL ) {
		if ($location != NULL) {header("Location: {$location}");
			exit;
		}
	}
	function confirm_query($result_set) {
		if (!$result_set) {
			die("Database query failed: " . mysql_error());
		}
	}
	function today() {
		$time = TIME(); $date = date("d",$time); $month = date("m",$time);
		$year = date("y",$time); $year = $year+2000; 
		$today = $year."-".$month."-".$date;
		return $today;
	}
	function logged_in($ip) {
		$string = "-o eth1 -j MASQUERADE";
		global $connection;
		$query = "SELECT `visible`";
		$query .= " FROM `rules`";
		$query .= " WHERE `ip` = '{$ip}'";
		$query .= " AND `rule` LIKE '%{$string}'";
		$query .= " AND `visible` = 1";
		$query .= " LIMIT 1";
		$result = mysql_query($query, $connection);
		confirm_query($result);
		$output = false;
		if (mysql_num_rows($result)) {
			$output = true;
		}
		return $output;
		
	}
	function existrule($rule) {
		global $connection;
		$query = "SELECT `visible`";
		$query .= " FROM `rules`";
		$query .= " WHERE `rule` = '{$rule}'";
		$query .= " AND `visible` = 1";
		$query .= " LIMIT 1";
		$result = mysql_query($query, $connection);
		confirm_query($result);
		$output = false;
		if (mysql_num_rows($result)) {
			$output = true;
		}
		return $output;
		
	}
	function tagadd($ip,$rule) {
		global $connection;
		$query = "INSERT INTO `rules` ( `ip`,`rule` ) VALUES ( '{$ip}','{$rule}' )";
		$result = mysql_query($query, $connection);
		confirm_query($result);
		
	}
	function tagdel($rule) {
		global $connection;
		$query = "DELETE FROM `rules` WHERE `rule` = '{$rule}'";
		$result = mysql_query($query, $connection);
		confirm_query($result);
	}
	function normal($ip) {
		$nport = "21,22,25,43,110,443,465,993,5222,1863,1935,1755";
		$proxy = "192.168.10.254";

		$r0 = "iptables -t nat -D PREROUTING -s $ip -p tcp --dport 80 -j DNAT --to-destination $proxy:1000"; # original from boot
		exec("sudo $r0");
		$r0a = "iptables -t nat -A PREROUTING -s $ip -p tcp --dport 80 -j DNAT --to-destination $proxy:1000"; # original from boot
		if (existrule(htmlspecialchars($r0a, ENT_QUOTES))) {
			tagdel(htmlspecialchars($r0a, ENT_QUOTES));
		}

		// will fixed 443 redirect later
		// $rb = "iptables -t nat -D PREROUTING -s $ip -p tcp --dport 443 -j DNAT --to-destination $proxy:1000"; # original from boot
		// exec("sudo $rb");
		// $rba = "iptables -t nat -A PREROUTING -s $ip -p tcp --dport 443 -j DNAT --to-destination $proxy:1000"; # original from boot
		// if (existrule(htmlspecialchars($rba, ENT_QUOTES))) {
		// 	tagdel(htmlspecialchars($rba, ENT_QUOTES));
		// }


		$m0 = "iptables -t nat -A PREROUTING -d $proxy -s $ip -p tcp --dport 80 -j DNAT --to-destination $proxy:1000";
		if (!existrule(htmlspecialchars($m0, ENT_QUOTES))) {
			exec("sudo $m0");
			tagadd($ip,htmlspecialchars($m0, ENT_QUOTES));
		}

		$r1 = "iptables -t nat -A PREROUTING ! --destination $proxy -s $ip -p tcp --dport 80 -j DNAT --to-destination $proxy:3128";
		if (!existrule(htmlspecialchars($r1, ENT_QUOTES))) {
			exec("sudo $r1");
			tagadd($ip,htmlspecialchars($r1, ENT_QUOTES));
		}
		
		$r2 = "iptables -t nat -A POSTROUTING -s $ip -p tcp -m multiport --dports $nport -o eth1 -j MASQUERADE";
		if (!existrule(htmlspecialchars($r2, ENT_QUOTES))) {
			exec("sudo $r2");
			tagadd($ip,htmlspecialchars($r2, ENT_QUOTES));
		}
		
	}
	function addition($ip) {
		// together
		$r5 = "iptables -A PREROUTING -s $ip -t mangle -p udp -j MARK --set-mark 2";
		if (!existrule(htmlspecialchars($r5, ENT_QUOTES))) {
			exec("sudo $r5");
			tagadd($ip,htmlspecialchars($r5, ENT_QUOTES));
		}
		$r6 = "iptables -t nat -A POSTROUTING -s $ip -p udp -o eth0 -j MASQUERADE";
		if (!existrule(htmlspecialchars($r6, ENT_QUOTES))) {
			exec("sudo $r6");
			tagadd($ip,htmlspecialchars($r6, ENT_QUOTES));
		}
		// together
		$r7 = "iptables -A PREROUTING -s $ip -t mangle -p tcp --dport 2000:4900 -j MARK --set-mark 2";
		if (!existrule(htmlspecialchars($r7, ENT_QUOTES))) {
			exec("sudo $r7");
			tagadd($ip,htmlspecialchars($r7, ENT_QUOTES));
		}
		$r8 = "iptables -t nat -A POSTROUTING -s $ip -p tcp --dport 2000:4900 -o eth0 -j MASQUERADE";
		if (!existrule(htmlspecialchars($r8, ENT_QUOTES))) {
			exec("sudo $r8");
			tagadd($ip,htmlspecialchars($r8, ENT_QUOTES));
		}
		// together
		$r9 = "iptables -A PREROUTING -s $ip -t mangle -p tcp --dport 5300:13000 -j MARK --set-mark 2";
		if (!existrule(htmlspecialchars($r9, ENT_QUOTES))) {
			exec("sudo $r9");
			tagadd($ip,htmlspecialchars($r9, ENT_QUOTES));
		}
		$r10 = "iptables -t nat -A POSTROUTING -s $ip -p tcp --dport 5300:13000 -o eth0 -j MASQUERADE";
		if (!existrule(htmlspecialchars($r10, ENT_QUOTES))) {
			exec("sudo $r10");
			tagadd($ip,htmlspecialchars($r10, ENT_QUOTES));
		}
		// together
		$r11 = "iptables -A PREROUTING -s $ip -t mangle -p tcp --dport 22000:29000 -j MARK --set-mark 2";
		if (!existrule(htmlspecialchars($r11, ENT_QUOTES))) {
			exec("sudo $r11");
			tagadd($ip,htmlspecialchars($r11, ENT_QUOTES));
		}
		$r12 = "iptables -t nat -A POSTROUTING -s $ip -p tcp --dport 22000:29000 -o eth0 -j MASQUERADE";
		if (!existrule(htmlspecialchars($r12, ENT_QUOTES))) {
			exec("sudo $r12");
			tagadd($ip,htmlspecialchars($r12, ENT_QUOTES));
		}
		// together
		$r13 = "iptables -A PREROUTING -s $ip -t mangle -p tcp --dport 14000:16000 -j MARK --set-mark 2";
		if (!existrule(htmlspecialchars($r13, ENT_QUOTES))) {
			exec("sudo $r13");
			tagadd($ip,htmlspecialchars($r13, ENT_QUOTES));
		}
		$r14 = "iptables -t nat -A POSTROUTING -s $ip -p tcp --dport 14000:16000 -o eth0 -j MASQUERADE";
		if (!existrule(htmlspecialchars($r14, ENT_QUOTES))) {
			exec("sudo $r14");
			tagadd($ip,htmlspecialchars($r14, ENT_QUOTES));
		}

	}
	function web($ip) {
		normal($ip);
		exec("sudo rmtrack $ip");
	}
	function torrent($ip) {
		normal($ip);
		addition($ip);
		exec("sudo rmtrack $ip");
	}

?>